1. Field of the Invention
This invention relates to computer system security and, more particularly, to an apparatus and method for assigning passwords to various devices of a computer system and programmably altering that assignment to impart flexibility in the locking and unlocking of those devices with different levels of password security.
2. Description of the Related Art
Securing a computer system involves preventing unauthorized access to sensitive data and/or instructions contained within various hardware resources attributed to that system. The terms “instructions” and “data” refer generically to all forms of electronic information, including data entries and files created by the instructions as well as the executable instructions themselves.
Typically a computer system will include a plurality of hardware resources, henceforth referred to as “devices.” A group or set of devices may contain sensitive information and therefore must be periodically secured. Alternatively, a device may be an electromechanical mechanism, such as a latch, which prevents unauthorized access to the interior of the computer chassis. Thus, a device is interchangeably referred to as a hardware resource that either contains sensitive information or provides a gateway, or securement, to that information. One form of securement involves a technique known as “password matching.”
Upon reset or boot-up of the computer system, a password stored within non-volatile memory will be entered into volatile memory proximate to a comparator. The previously stored password can then be compared against a user-entered password to determine if the user is allowed access. Typically, the volatile memory which receives the previously stored password, as well as a comparator locally linked to the volatile memory, are contained in what is often referred to as a “black box”. Description of a black box security device is generally set forth in U.S. Pat. No. 5,748,888 (herein incorporated by reference).
The password stored in non-volatile memory, and loaded into the black box during boot-up, is derived from either a battery-backed CMOS static RAM memory or an electrically programmable or electrically erasable non-volatile memory (i.e., EEPROM, EEROM or Flash ROM). The non-volatile memory is generally contained within a device linked to a peripheral bus of a computer system. During boot-up operation, the computer Basic Input Output System (BIOS) will load the stored password from non-volatile memory into the black box where it can then be compared against a user-entered password. If a match occurs, then an unlock signal can be forwarded from the black box across a conductor or “slot”.
A black box security device may be configured to receive multiple stored passwords and therefore can match multiple user-entered passwords against the stored passwords. In this fashion a black box may serve to compare respective dissimilar pairs of stored and user-entered passwords. This allows a user to enter a first password to gain access to only his or her computer, whereas a system administrator can enter a second password common to numerous computers across, for example, a network of computers.
Each slot of a black box may therefore be attributed to the comparison result of a previously stored and currently entered password. Since multiple stored and entered passwords can exist, multiple slots occur, each indicating either a lock or unlock signal status for a respective matched password pair.
Conventional black box security systems hardwire the slot output to various securable devices. More specifically, a first slot output from the black box is routed to, for example, a first set of devices and a second slot is routed to a second set of devices. Unfortunately, hardwiring or fixing a connection from a slot to a respective group of devices does not allow a system administrator flexibility to change the slot assignments.
It would be desirable to introduce a computer system which can programmably map a slot output from a black box to various securable devices. The system administrator can thereafter programmably modify the slot mapping assignments to impart flexibility as to who should be granted access to various peripheral devices. This will afford the system administrator the benefit of allowing or disallowing select individuals or groups from accessing, and thereby modifying, any secured device attributed to a computer system.
The problems outlined above are in large part solved by an improved computer security system hereof. The security system encompasses a volatile memory medium. According to one embodiment, the security system includes a slot assignment register which receives the hardwired slot outputs from the black box and re-routes that output, i.e., maps that output to various devices requiring security. The slot assignment register contains multiple fields, each having a series of bits which can be programmed by the system administrator once that administrator is given access.
Each field of the slot assignment register is assigned to a particular securable device. The field can be programmed to accept one of the various slots emanating from the black box, or possibly a subset of slots. Still further, a field can be programmed to accept no black box protection whatsoever. The number of bits within each field may correspond to the number of slots accommodated by the black box and/or the number of slot combinations which the device assigned to the field will accept.
In order to account for a hierarchical or prioritized slot assignment, an encoder (or logic unit) may be coupled between the volatile memory and the slot assignment register. The encoder may serve to encode various groupings of slot signals and place the encoded output on a field entry within the slot assignment register programmed to receive the coded slot. For example, the encoder may recognize a priority of slot 2 being higher than slot 0 or slot 1. In this manner, the encoder will forward an unlock signal of slot 2 to all fields programmed to either slot 1 or slot 0, as well as to all fields programmed to slot 2. This allows a system administrator's unlock signal on the higher priority slot 2 to unlock devices assigned to slots 0, 1, and 2. In this example, a system administrator having the highest password security can unlock all securable devices. However, a lower prioritized user of a particular computer or workstation will only be allowed access to a subset of the securable devices on his or her computer, but not all devices of his or her computer.
According to one embodiment, a computer system is provided incorporating a plurality of securable hardware devices. The computer system includes a keyboard and a storage unit operably coupled to the keyboard. The keyboard includes any device into which a user can enter data. Also, the password could simply be implemented as a hash, absent a black box, wherein the hash can be used to decrypt an entered password and compare the decrypted results with the previously stored data. The storage unit is adapted to produce an unlock signal upon an output conductor of the storage unit if a stored password within the storage unit favorably compares with a password entered upon the keyboard. A register is operably coupled to the storage unit to direct the unlock signal to a first set of the plurality of hardware devices during a first time and to direct the unlock signal to a second set of the plurality of hardware devices, partially dissimilar from the first set, during a second time subsequent to the first time. In this manner the register is programmable to alter the mapping of the unlock signal from one hardware device to another. The register may be further coupled to direct another unlock signal upon another output conductor (or slot) of the storage unit to the first set of the plurality of hardware devices during the first time. In this manner, two or more slots, and their associated unlock signals, can be mapped to the same set of hardware devices.
According to another embodiment, a bus interface unit is provided between a plurality of buses upon which a plurality of devices are coupled. The bus interface unit includes a storage unit configured to retain a first stored password and a second stored password. A comparator is coupled to the storage unit for comparing a first user entered password and a second user entered password against the first and second stored passwords, respectively. The comparator can then present a first unlock signal from a first slot and a second unlock signal from a second slot if the first and second user entered passwords favorably compare with the respective first and second stored passwords. A register is operably coupled to the comparator for programmably mapping the first slot to a first grouping of the plurality of devices and for mapping the second slot to a second grouping of the plurality of devices. The first grouping of devices may be a subset of the second grouping of devices, such that the first grouping of devices may be unlocked in response to either (i) the first unlock signal forwarded thereto via the mapped first slot, or (ii) the second unlock signal forwarded thereto by the mapped first slot. The first user entered password is presented to the comparator from a keyboard directly coupled to one of the plurality of buses, and the second user entered password is presented to the comparator from a keyboard remotely coupled to one of the plurality of buses. Thus, the second user entered password may be entered by a system administrator often distantly connected to the computer of interest.
According to yet another embodiment, a method is presented for unlocking a plurality of securable hardware devices operably connected to a computer system. The method involves multiple steps, some of which include comparing a user-entered password against a stored password. A first unlock signal can then be presented upon a first slot conductor if the user-entered password is the same as the stored password. The first slot conductor can then be mapped to a first grouping of the plurality of securable hardware devices during a first time. During a second time subsequent to the first time, the first slot conductor can be mapped to a second grouping of the plurality of securable hardware devices. In the interim between the first and second times, a slot assignment register is re-programmed so that the first slot conductor is re-routed.
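The slot assignment register and hierarchical encoder described above, together with the first-time/second-time re-routing of the method just presented, as an added software model that is not part of the patent; the three-slot width, the device names, and the encoding of each field as a bitmask of accepted slots (0 meaning no black box protection) are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_SLOTS   3   /* black box presents slots 0, 1 and 2 (assumed) */
#define NUM_DEVICES 4
enum { DEV_HARD_DISK, DEV_FLOPPY, DEV_SERIAL_PORT, DEV_CHASSIS_LATCH };

/* Slot assignment register: one field per securable device. Bit i of a field
 * means "accept the unlock signal on slot i"; a field of 0 means the device has
 * no black-box protection at all. Device names and widths are constructed. */
typedef struct { uint8_t field[NUM_DEVICES]; } slot_assign_reg_t;

void program_field(slot_assign_reg_t *reg, int dev, unsigned slot_mask)
{
    reg->field[dev] = (uint8_t)(slot_mask & ((1u << NUM_SLOTS) - 1));
}

/* Hierarchical encoder between the black box and the register: an unlock on
 * slot k is forwarded to fields programmed to slot k or any lower slot, so the
 * administrator's slot 2 also reaches devices mapped to slots 0 and 1. */
uint8_t encode_slots(uint8_t raw_slots)
{
    uint8_t encoded = 0;
    for (int k = 0; k < NUM_SLOTS; k++)
        if (raw_slots & (1u << k))
            encoded |= (uint8_t)((1u << (k + 1)) - 1);  /* set bits 0..k */
    return encoded;
}

/* Bitmask of devices unlocked for the given raw slot outputs (bit d = device d). */
uint8_t unlocked_devices(const slot_assign_reg_t *reg, uint8_t raw_slots)
{
    uint8_t enc = encode_slots(raw_slots), out = 0;
    for (int d = 0; d < NUM_DEVICES; d++)
        if (reg->field[d] == 0 || (reg->field[d] & enc))
            out |= (uint8_t)(1u << d);
    return out;
}

/* Worked scenario: first-time mapping, then the latch field re-routed from slot 2 to slot 1. */
uint8_t scenario(bool second_time, uint8_t raw_slots)
{
    slot_assign_reg_t reg = {{0}};
    program_field(&reg, DEV_HARD_DISK, 1u << 0);      /* user's slot 0 */
    program_field(&reg, DEV_FLOPPY, 1u << 0);         /* user's slot 0 */
    program_field(&reg, DEV_SERIAL_PORT, 0);          /* unprotected */
    program_field(&reg, DEV_CHASSIS_LATCH, 1u << 2);  /* administrator's slot 2 */
    if (second_time)
        program_field(&reg, DEV_CHASSIS_LATCH, 1u << 1);
    return unlocked_devices(&reg, raw_slots);
}
```

At the first time only the administrator's slot 2 opens the chassis latch; after re-programming, a slot 1 unlock reaches the latch as well, while the unprotected serial port is accessible in every case.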